[buddypress-trac] [BuddyPress Trac] #4646: Deleting profile fields - UX issue
buddypress-trac
noreply at wordpress.org
Mon Nov 28 21:27:31 UTC 2016
#4646: Deleting profile fields - UX issue
----------------------------+------------------
Reporter: rogercoathup | Owner:
Type: enhancement | Status: new
Priority: normal | Milestone: 2.8
Component: Administration | Version: 1.5
Severity: normal | Resolution:
Keywords: needs-patch |
----------------------------+------------------
Changes (by DJPaul):
* keywords: has-patch => needs-patch
Comment:
Eeep, scary old code! :) Rather than tack a new part on the end, let's
improve the whole thing. While there isn't an output escaping issue as
such, the way it has been done already is less than perfect.

We need to `esc_url` the entire value for the `href` attribute, and use
either `add_query_arg` or `sprintf` to concatenate the hardcoded URL and
the variables together. Think also about how to escape the values you're
concatenating (strings would usually be passed through `urlencode` but it
looks like these are integers, so you could do a simple cast to make that
clear).

I think you'd do this above the HTML part of the function, because trying
to do all that inline would make the line length really long.
--
Ticket URL: <https://buddypress.trac.wordpress.org/ticket/4646#comment:5>
BuddyPress Trac <http://buddypress.org/>
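
The approach described in the comment above, as an added example that is not BuddyPress code and not part of the ticket. It assumes it runs inside WordPress admin, where `admin_url()`, `add_query_arg()`, `esc_url()` and `esc_html_e()` are defined; the function names, base admin file, page slug, query-argument names and text domain are hypothetical.

```php
<?php
// Added example. Hypothetical names throughout: example_* functions,
// 'example-profile-setup', 'mode', 'group_id', 'field_id', 'example-textdomain'.

// Variant 1: add_query_arg(). It does not encode the values it is given,
// so integers are cast and any string value would need urlencode() first.
function example_delete_field_url( $group_id, $field_id ) {
	return add_query_arg(
		array(
			'page'     => 'example-profile-setup',
			'mode'     => 'delete_field',
			'group_id' => (int) $group_id,
			'field_id' => (int) $field_id,
		),
		admin_url( 'users.php' ) // hypothetical base; the ticket does not show the URL
	);
}

// Variant 2: sprintf(). %d forces an integer, and the cast makes the intent
// obvious to the next reader; the string part goes through urlencode().
function example_delete_field_url_sprintf( $group_id, $field_id ) {
	return sprintf(
		'%s?page=%s&mode=delete_field&group_id=%d&field_id=%d',
		admin_url( 'users.php' ),
		urlencode( 'example-profile-setup' ),
		(int) $group_id,
		(int) $field_id
	);
}

function example_render_delete_field_link( $group_id, $field_id ) {
	// Build the URL above the HTML so the markup line stays short.
	$delete_url = example_delete_field_url( $group_id, $field_id );
	?>
	<a class="delete" href="<?php echo esc_url( $delete_url ); ?>">
		<?php esc_html_e( 'Delete', 'example-textdomain' ); ?>
	</a>
	<?php
	// esc_url() wraps the entire href value at output time, not just the
	// variable parts, so the '&' separators are entity-encoded for HTML too.
}
```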